Category: Security

Oct 17 2016

Week Three of National Cyber Security Awareness Month

Original release date: October 17, 2016

In partnership with DHS, the National Cyber Security Alliance has released information on recognizing cyber crime and how to protect yourself online. Recommendations include deleting suspicious communications, being wary of "too good to be true" offers, and using strong authentication. The #CyberAware Tip of the Week is to keep a clean machine: make sure the security software on all your electronic devices is updated.

US-CERT encourages users and administrators to review the Stop.Think.Connect. Phishing Tip Card and the US-CERT Tip Understanding Patches for additional information. Visit the US-CERT website for articles on Week 1 and Week 2 of the campaign.


Oct 17 2016

How to: Testing Android Application Security, Part 4

One of the best ways to develop secure Android applications is to engage in penetration (pen) testing, in effect trying to break into your application just as an attacker might do. This is the fourth in a series of posts on pen testing Android applications. In the first we set up the testing environment and captured traffic. In the second, we discussed some tools and proxy techniques—Drozer, Apktool, and a “man in the middle” proxy—that come in handy during a security review of Android applications. In the third, we looked at reviewing Android’s manifest file.

During pen testing of Android applications it is often necessary to modify the app’s source code to bypass SSL pinning, check for tampering protection, bypass application logic, and perform other steps. In this article, we will cover the process to successfully modify the source code.

Tools required

  • Download and set up Apktool
  • Jarsigner
  • JD-GUI


Step 1: Convert the code into Smali format

Set up Apktool and use the following command to disassemble the APK. We used the test application Sieve.

apktool d <your apk path here> -o <output path>


The disassembled APK folder contains the Smali files. These files can be modified using any text editor.


You can also use JD-GUI (by converting the classes.dex file into .jar format) to identify the classes or methods you want to modify, and then patch the corresponding Smali files.


Step 2: Repack the APK

After modifying the Smali code, you must repack the APK. Use the following command:

apktool b <disassembled apk path> -o <output apk path>


Android requires every APK to be signed. Any unsigned binary results in a parsing error. Thus the next step is to create a key pair and sign the APK with it.


Step 3: Create and sign the key

Keytool and Jarsigner come packaged in the Java Development Kit bundle and are required to complete this step. Use this command to generate the key:

keytool -genkey -v -keystore mykey.keystore -alias <Any alias name> -keyalg RSA -keysize 2048 -validity 10000


After you answer the series of questions that follow, a keyfile (mykey.keystore) is created in the C:\Users\<username> directory.

Once the key pair is created, the APK can be signed using the following command:

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore mykey.keystore <apk path> <alias name>


After completing all the steps, the repacked APK can be successfully installed on the device.
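The following is an added example, not code from the original post: it shows why a modified APK has to be re-signed. Under JAR (v1) signing, META-INF/MANIFEST.MF records a digest of every file, so a patched classes.dex no longer matches the digest that was signed. The function names and the sample archive are constructed for illustration, and the check covers manifest digests only, not the .SF/.RSA signature itself or newer APK signature schemes.

```python
import base64, hashlib, io, zipfile

DIGESTS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for a JAR manifest."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_apk(apk_bytes):
    """Compare MANIFEST.MF digests with the files actually in the archive."""
    report = {"signed": False, "mismatch": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        report["signed"] = any(n.startswith("META-INF/") and
                               n.endswith((".RSA", ".DSA", ".EC")) for n in names)
        if "META-INF/MANIFEST.MF" not in names:
            return report
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for n in names:
            if n.startswith("META-INF/") or n.endswith("/"):
                continue
            attrs = manifest.get(n)
            if attrs is None:
                report["unlisted"].append(n)   # file added after signing
                continue
            for attr, algo in DIGESTS.items():
                want = attrs.get(attr)
                got = base64.b64encode(hashlib.new(algo, z.read(n)).digest()).decode()
                if want is not None and want != got and n not in report["mismatch"]:
                    report["mismatch"].append(n)
    return report

def build_sample(dex, signed_dex=None):
    """Constructed stand-in APK: digest covers signed_dex, archive holds dex."""
    covered = dex if signed_dex is None else signed_dex
    digest = base64.b64encode(hashlib.sha1(covered).digest()).decode()
    mf = "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA1-Digest: %s\r\n\r\n" % digest
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        z.writestr("META-INF/CERT.RSA", b"placeholder, not a real signature block")
        z.writestr("classes.dex", dex)
    return buf.getvalue()
```

Calling check_apk on build_sample(b"patched", signed_dex=b"original") reports classes.dex as a mismatch, which is the condition a tamper check or an installer's signature verification would reject.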

In our next post we will focus on obtaining and analyzing the Android memory dump for sensitive information.

The post How to: Testing Android Application Security, Part 4 appeared first on McAfee.

Oct 17 2016

Defense contractor “white hat” tells FBI that Judicial Watch paid him to hunt for Clinton hack

Excerpt of an FBI interview report detailing a Judicial Watch deal with a defense contractor to search for hacked Clinton files.

More records from the Federal Bureau of Investigation's review of Hillary Clinton's e-mail practices have been released through the FBI's Freedom of Information Act site, including interviews with a number of individuals related to the security of the server. One of them was an employee of a defense contractor who claimed he was funded by Judicial Watch to investigate whether Clinton was hacked.

In the interview, the individual, whose name was redacted, claimed that he used the services of Dark Horse Data, a company owned by former Deputy Undersecretary of Defense for Intelligence Reginald Hyde, to search for e-mails associated with Clinton's personal account. The company focuses on "specialized data acquisition for both US and International customers" and has provided database intelligence analysis to the US government.

The credibility of that information, however, is certainly in doubt. Hyde denied that his company was involved in any such task, telling Ars Technica in a phone interview that he "was quite astounded to learn" of the assertion in the FBI documents and saying that it was like "being asked how your day on Mars was. My company was categorically not involved in this."


Oct 17 2016

nishang – PowerShell For Penetration Testing

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing, offensive security and red teaming. Nishang is useful during all phases of penetration testing.

Usage

Import all the scripts in the current PowerShell session (PowerShell v3 onwards). Use the...
